AtBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AtBroker.exe
Size

52KB
MD5

d1d7c8ea7a0e3dac58c69cd5bd431644
SHA1

8ed631ca213ff5f52d6ff523fbc2069f6a92aff6
SHA256

63a92b2a5c99f4c339bc55ba45b61d0cd6a4e4970b6ba9613b7b0e19771e4cd1
SHA512

625da76a65cd18c08b65ded435accb2085e81e00bb3f5377c577987ab270d70f6bd52254929e8bd646789607a6b159ce84a61fdd18d445e0968b63bed9f85837
SSDEEP

768:EO713Y7bS1JqhnUhQ900m33uOFq2jhQpGM6Ypbn2ZpuejqhOfusLdInbBrYzl2PY:dr5Q900AH6pGrxfusund0RssgSZMV2L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AtBroker.exe

Files

AtBroker.exe
.exe windows:6 windows x64

68445a516eb6f01f618339f11ed3469b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
AllocateAndInitializeSid
UnregisterTraceGuids
FreeSid
RegOpenKeyExW
GetTraceEnableLevel
CheckTokenMembership
QueryServiceConfigW
RegCloseKey
RegisterTraceGuidsW
RegSetKeyValueW
TraceMessage

kernel32

OpenMutexW
LocalAlloc
lstrcmpiW
GetCurrentThreadId
SetProcessShutdownParameters
CloseHandle
LocalFree
GetVersionExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
Sleep
ExpandEnvironmentStringsW
OpenJobObjectW
IsProcessInJob
RegEnumValueW
RegDeleteTreeW
RegNotifyChangeKeyValue
RegEnumKeyExW
FindResourceExW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileAttributesW
HeapFree
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RegLoadMUIStringW
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
MultiByteToWideChar
RegSetValueExW
RegCreateKeyExW
GetLastError
InitializeProcThreadAttributeList

user32

GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendMessageTimeoutW
GetUserObjectInformationW
SystemParametersInfoW
GetThreadDesktop
SendInput
UnregisterClassA

msvcrt

_unlock
_lock
?terminate@@YAXXZ
_commode
__dllonexit
__C_specific_handler
_wtoi
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
_wcslwr_s
memcpy_s
memmove_s
wcsrchr
_vsnwprintf
_ltow_s
wcsspn
wcscspn
memset
??1type_info@@UEAA@XZ
_onexit
_CxxThrowException
__CxxFrameHandler3
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcscpy_s
malloc
free
_wcsicmp
??3@YAXPEAX@Z
wcscmp

ntdll

RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmAddToStream
RtlLookupFunctionEntry
RtlCaptureContext

shell32

ShellExecuteW

shlwapi

PathFileExistsW
ord460

uxtheme

ord65

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68445a516eb6f01f618339f11ed3469b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

shlwapi

uxtheme

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B